﻿@{
	PageData["Title"] = "Reset Password";

    var passwordResetToken = Request.QueryString["resetCode"];
	var db = Database.Open("wishlistdb");
    var recoveryQuestion = "";
    var recoveryAnswer = "";
    var username = "";

    //Determine if user is legitimate with a recovery question and answer
    if (!passwordResetToken.IsEmpty()) {
        var userId = db.QuerySingle("SELECT UserId FROM webpages_Membership WHERE PasswordVerificationToken = @0", passwordResetToken);
        if (userId != null) {
            var user = db.QuerySingle("SELECT Username, RecoveryAnswer, RecoveryQuestionId FROM WishlistUser WHERE Id = @0", userId.UserId);
            recoveryAnswer = user.RecoveryAnswer;
            username = user.Username;
            recoveryQuestion = db.QuerySingle("SELECT Text FROM RecoveryQuestion WHERE Id = @0", user.RecoveryQuestionId).Text;
        } else {
            Response.Redirect("~/Shared/Errors/Error");
        }
	}
    //If user is not legitimate, redirect to error page
    if (recoveryQuestion.IsEmpty()) {
        Response.Redirect("~/Shared/Errors/Error");
    }
}

<h1>Reset Password</h1>
@if (IsPost) {
    var password = Request["password"];
    var confirmPassword = Request["confirmPassword"];
    var errorMessage = "";
    if (password == confirmPassword && !password.IsEmpty()) {
        //Check user's answer to recovery question
        if (Request["recoveryAnswer"] == recoveryAnswer) {
            //Reset password based on token and prompt if answer is correct, logout user if successful
            if (WebSecurity.ResetPassword(passwordResetToken, password)) {
                WebSecurity.Logout();
                Response.Redirect("~/Shared/Success/ResetSuccess");
            } else {
                errorMessage = "<li>There was a problem resetting your password.</li>";
            }
        } else {
            errorMessage = "<li>You didn't answer the recovery question correctly!</li>";
        }
    } else {
        errorMessage = "<li>Passwords must match and not be empty.</li>";
    }
    if (!errorMessage.IsEmpty()) {
        @RenderPage("~/Shared/Errors/_FormInputError.cshtml", errorMessage);
    }
}
<div>
    Hello @username, please answer the recovery question and supply a new password:
    <form id="validateForm" method="post" action="">
	    <fieldset>
		    @RenderPage("~/Shared/_InputFormField.cshtml", 
                new {labelName = "recoveryAnswer", labelDisplay = recoveryQuestion, maxLength = 100, required = true})
		    @RenderPage("~/Shared/_InputFormField.cshtml",
                new { labelName = "password", labelDisplay = "New Password:", inputType = "password", required = true})
		    @RenderPage("~/Shared/_InputFormField.cshtml",
                new { labelName = "confirmPassword", labelDisplay = "Confirm New Password:", inputType = "password", required = true, 
                    validationAttributes = "equalTo=\"#password\""})
		    <div class="submit-group">
			    <input type="submit" value="Update Password" onclick="javascript:$('#validateForm').validate()" />
		    </div>
	    </fieldset>
    </form>
</div>
